After much testing and pondering, my attempts to get this working have failed. I have FreeBSD 4.9-Stable and a 2611 router. This used to work perfectly with FreeBSD 4.6. Once I get the GRE tunnel up I can ping between the hosts no problem. When I activate WCCP it sees squid and forwards packets, but that's where I am stuck. I am not getting any hits on my IPFW redirect. When I point the browser directly to the gre interface, port 80, it works though. Here is what a failed WCCP req looks like at the proxy interface...
[EMAIL PROTECTED] Sat 07 10:16:56[/]# tcpdump -nvpi gre0 tcpdump: listening on gre0 10:18:28.525760 192.168.201.1 > 192.168.201.2: gre gre-proto-0x883E (ttl 255, id 12, len 72) 10:18:30.681303 192.168.201.1 > 192.168.201.2: gre gre-proto-0x883E (ttl 255, id 13, len 72) 10:18:32.128585 192.168.201.2.2048 > 192.168.201.1.2048: [udp sum ok] udp 52 (ttl 64, id 60324, len 80) 10:18:32.131244 192.168.201.1.2048 > 192.168.201.2.2048: [udp sum ok] udp 64 (ttl 255, id 20220, len 92) 10:18:33.645334 192.168.201.1 > 192.168.201.2: gre gre-proto-0x883E (ttl 255, id 14, len 72) 10:18:39.580227 192.168.201.1 > 192.168.201.2: gre gre-proto-0x883E (ttl 255, id 15, len 72) 10:18:42.578353 192.168.201.2.2048 > 192.168.201.1.2048: [udp sum ok] udp 52 (ttl 64, id 60330, len 80) 10:18:42.580954 192.168.201.1.2048 > 192.168.201.2.2048: [udp sum ok] udp 64 (ttl 255, id 20223, len 92) 10:18:52.698008 192.168.201.2.2048 > 192.168.201.1.2048: [udp sum ok] udp 52 (ttl 64, id 60337, len 80) 10:18:52.700669 192.168.201.1.2048 > 192.168.201.2.2048: [udp sum ok] udp 64 (ttl 255, id 20225, len 92) Then I just get "Page cannot be displayed". I recall seeing that GRE was broke on 4.9 which is the only explanation I can come up with as I have tried everything. Or am I missing something? Here are the config details: FReeBSD info: ifconfig gre0 destroy ifconfig gre0 create ifconfig gre0 192.168.201.2 192.168.201.1 netmask 255.255.255.252 link1 ifconfig gre0 tunnel 192.168.200.2 192.168.200.1 up gre0: flags=b051<UP,POINTOPOINT,RUNNING,LINK0,LINK1,MULTICAST> mtu 1476 inet 192.168.201.2 --> 192.168.201.1 netmask 0xfffffffc inet6 fe80::208:c7ff:fed9:cb83%gre0 prefixlen 64 scopeid 0x8 [EMAIL PROTECTED] Sat 07 10:14:39[/]# ping 192.168.201.1 PING 192.168.201.1 (192.168.201.1): 56 data bytes 64 bytes from 192.168.201.1: icmp_seq=0 ttl=255 time=2.000 ms 64 bytes from 192.168.201.1: icmp_seq=1 ttl=255 time=2.027 ms 64 bytes from 192.168.201.1: icmp_seq=2 ttl=255 time=2.084 ms Note: GRE on isolated /30. [EMAIL PROTECTED] Sat 07 10:16:35[/]# ipfw -d show 00030 44724 19062106 allow ip from any to any via lo0 00031 162542 53667451 allow ip from any to any via fxp0 00041 90 8148 allow udp from 192.168.201.1 to any in recv gre0 00042 95 8700 allow udp from 192.168.201.2 to any out xmit gre0 00043 67 4808 allow gre from 192.168.201.1 to any in recv gre0 00044 0 0 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 via gre0 in Squid info: wccp_router 192.168.201.1 wccp_version 4 [EMAIL PROTECTED] Sat 07 10:13:25[/]# /usr/local/etc/rc.d/squid.sh start [EMAIL PROTECTED] Sat 07 10:13:27[/]# Feb 7 10:13:27 dome squid[14101]: Squid Parent: child process 14103 started Feb 7 10:13:28 dome squid[14103]: Starting Squid Cache version 2.5.STABLE4 for i386-unknown-freebsd4.9... Feb 7 10:13:28 dome squid[14103]: Process ID 14103 Feb 7 10:13:28 dome squid[14103]: With 3584 file descriptors available Feb 7 10:13:28 dome squid[14103]: Performing DNS Tests... Feb 7 10:13:28 dome squid[14103]: Successful DNS name lookup tests... Feb 7 10:13:28 dome squid[14103]: DNS Socket created at 0.0.0.0, port 2830, FD 5 Feb 7 10:13:28 dome squid[14103]: Adding nameserver 127.0.0.1 from squid.conf Feb 7 10:13:28 dome squid[14103]: Unlinkd pipe opened on FD 10 Feb 7 10:13:28 dome squid[14103]: Swap maxSize 512000 KB, estimated 39384 objects Feb 7 10:13:28 dome squid[14103]: Target number of buckets: 1969 Feb 7 10:13:28 dome squid[14103]: Using 8192 Store buckets Feb 7 10:13:28 dome squid[14103]: Max Mem size: 8192 KB Feb 7 10:13:28 dome squid[14103]: Max Swap size: 512000 KB Feb 7 10:13:28 dome squid[14103]: Rebuilding storage in /var/webcache (CLEAN) Feb 7 10:13:28 dome squid[14103]: Using Least Load store dir selection Feb 7 10:13:28 dome squid[14103]: Current Directory is /usr/local/squid/var/logs Feb 7 10:13:28 dome squid[14103]: Loaded Icons. Feb 7 10:13:28 dome squid[14103]: Accepting HTTP connections at 0.0.0.0, port 3128, FD 12. Feb 7 10:13:28 dome squid[14103]: Accepting ICP messages at 0.0.0.0, port 3130, FD 13. Feb 7 10:13:28 dome squid[14103]: Accepting WCCP messages on port 2048, FD 14. Feb 7 10:13:28 dome squid[14103]: Ready to serve requests. 2611 info: ip wccp version 1 ip wccp web-cache redirect-list 1 interface ATM0/0.1 point-to-point ip address 10.100.1.56 255.255.0.0 ip access-group 105 in ip nat outside ip wccp web-cache redirect out pvc 8/35 encapsulation aal5snap interface Tunnel0 ip address 192.168.201.1 255.255.255.252 tunnel source 192.168.200.1 tunnel destination 192.168.200.2 access-list 1 remark Permit-Local-Nets access-list 1 permit 192.168.200.0 0.0.0.255 #sh ip wccp Global WCCP information: Router information: Router Identifier: 192.168.201.1 Protocol Version: 1.0 Service Identifier: web-cache Number of Cache Engines: 1 Number of routers: 1 Total Packets Redirected: 66 Redirect access-list: 1 Total Packets Denied Redirect: 0 Total Packets Unassigned: 0 Group access-list: -none- Total Messages Denied to Group: 0 Total Authentication failures: 0 #sh ip wccp web-cache detail WCCP Cache-Engine information: IP Address: 192.168.201.2 Protocol Version: 0.4 State: Usable Initial Hash Info: 00000000000000000000000000000000 00000000000000000000000000000000 Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF Hash Allotment: 256 (100.00%) Packets Redirected: 7 Connect Time: 00:02:29 #sh int tun0 Tunnel0 is up, line protocol is up Hardware is Tunnel Internet address is 192.168.201.1/30 MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation TUNNEL, loopback not set Keepalive not set Tunnel source 192.168.200.1, destination 192.168.200.2 Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled Checksumming of packets disabled, fast tunneling enabled Last input 00:00:09, output 00:00:09, output hang never Last clearing of "show interface" counters never Queueing strategy: fifo Output queue 0/0, 1 drops; input queue 0/75, 0 drops 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 800 packets input, 108454 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 1540 packets output, 170431 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out #ping 192.168.201.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.201.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms This looks good from BSD... [EMAIL PROTECTED] Sat 07 10:31:10[/]# tcpdump -nvpi gre0 icmp tcpdump: listening on gre0 10:31:20.347169 192.168.201.1 > 192.168.201.2: icmp: echo request (ttl 255, id 40, len 100) 10:31:20.347205 192.168.201.2 > 192.168.201.1: icmp: echo reply (ttl 64, id 61500, len 100) 10:31:20.351173 192.168.201.1 > 192.168.201.2: icmp: echo request (ttl 255, id 41, len 100) 10:31:20.351189 192.168.201.2 > 192.168.201.1: icmp: echo reply (ttl 64, id 61502, len 100) 10:31:20.354802 192.168.201.1 > 192.168.201.2: icmp: echo request (ttl 255, id 42, len 100) 10:31:20.354818 192.168.201.2 > 192.168.201.1: icmp: echo reply (ttl 64, id 61504, len 100) 10:31:20.358599 192.168.201.1 > 192.168.201.2: icmp: echo request (ttl 255, id 43, len 100) 10:31:20.358616 192.168.201.2 > 192.168.201.1: icmp: echo reply (ttl 64, id 61506, len 100) 10:31:20.362212 192.168.201.1 > 192.168.201.2: icmp: echo request (ttl 255, id 44, len 100) 10:31:20.362228 192.168.201.2 > 192.168.201.1: icmp: echo reply (ttl 64, id 61508, len 100)